Cudos contest - 0x1f8b's results

Decentralised cloud computing for Web3.

General Information

Platform: Code4rena

Start Date: 03/05/2022

Pot Size: $75,000 USDC

Total HM: 6

Participants: 55

Period: 7 days

Judge: Albert Chon

Total Solo HM: 2

Id: 116

League: COSMOS

Cudos

Researcher Performance

Rank: 25/55

Findings: 2

Award: $243.57

🌟 Selected for report: 0

🚀 Solo Findings: 0

Awards

113.7803 USDC - $113.78

Labels

bug
QA (Quality Assurance)

External Links

Lines of code

https://github.com/code-423n4/2022-05-cudos/blob/de39cf3cd1f1e1cf211819b06d4acf6a043acda0/solidity/contracts/Gravity.sol#L185
https://github.com/code-423n4/2022-05-cudos/blob/de39cf3cd1f1e1cf211819b06d4acf6a043acda0/solidity/contracts/Gravity.sol#L238-L240

Vulnerability details

Impact

It's possible to bypass verifySig and checkValidatorSignatures methods using empty signers.

Proof of Concept

The method ecrecover returns address(0) when the signature is wrong, so if a user uses address(0) as a validator or _signer, the return will be true.

_signer == ecrecover(messageDigest, _v, _r, _s);

Also, the method checkValidatorSignatures never checks whether a validator is repeated inside the array, so if someone is able to specify the validators and is able to sign with one valid key, and he repeats the same signature multiple times, each repetition will be computed as a different one.

Check that _signer is not empty.
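The two checks the finding asks for, as an added example that is not part of the original submission and is not the project's Gravity.sol code: the signer and the recovered address are both rejected when they equal address(0), and repeated validators are rejected by requiring strictly ascending addresses. The library, struct and function names, the sorted-by-address requirement and the "v == 0 means not signed" convention are assumptions made for the illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration; all names here are hypothetical.
library SigCheckExample {
    struct Sig { uint8 v; bytes32 r; bytes32 s; }

    // ecrecover returns address(0) for an invalid signature, so a zero
    // signer must never be accepted as a match.
    function verifySigStrict(address signer, bytes32 hash, Sig memory sig)
        internal pure returns (bool)
    {
        if (signer == address(0)) return false;
        bytes32 digest = keccak256(
            abi.encodePacked("\x19Ethereum Signed Message:\n32", hash)
        );
        address recovered = ecrecover(digest, sig.v, sig.r, sig.s);
        return recovered != address(0) && recovered == signer;
    }

    // Reverts unless validators with valid signatures hold more than
    // `threshold` power. Assumes the caller supplies validators sorted
    // ascending by address, which makes duplicates detectable in one pass.
    function checkSignatures(
        address[] memory validators,
        uint256[] memory powers,
        Sig[] memory sigs,
        bytes32 hash,
        uint256 threshold
    ) internal pure {
        require(
            validators.length == powers.length && validators.length == sigs.length,
            "length mismatch"
        );
        address prev = address(0);
        uint256 cumulative = 0;
        for (uint256 i = 0; i < validators.length; ++i) {
            // Strictly ascending: rejects address(0) and any repeated entry.
            require(validators[i] > prev, "dup/unsorted/zero validator");
            prev = validators[i];
            // Assumed convention: v == 0 marks a validator that did not sign.
            if (sigs[i].v == 0) continue;
            require(verifySigStrict(validators[i], hash, sigs[i]), "bad signature");
            cumulative += powers[i];
            if (cumulative > threshold) return;
        }
        revert("insufficient power");
    }
}
```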

#0 - maptuhec

2022-05-11T12:50:34Z

Duplicate of #127

Awards

129.7885 USDC - $129.79

Labels

bug
G (Gas Optimization)

External Links

  1. Remove storage variable MAX_UINT and use constant or inline.
  2. There are require messages bigger than 32 bytes. More than 32 bytes for a message will incur extra gas costs.
  3. Change the incremental logic from i++ to ++i in order to save some opcodes: